Public IP "Passthrough" on Cisco 1751

Posted on 2005-03-28
Medium Priority
Last Modified: 2010-10-05
We have a vendor who is setting up a kiosk at our location and they require internet access to the unit. There is a PC and an IP printer in the kiosk which are connected to a Cisco 831 VPN router. Our T1 terminates into a Cisco 1751 and we were hoping to use our existing bandwidth to provide connectivity for the kiosk, but I'm not sure how to make it happen.

The kiosk company's tech configured the VPN router to use one of our public IP addresses of 216.x.x.28 /28 with the same default gateway as we do for our internet access (216.x.x.17 /28) with for the LAN side of the router.

We have a very basic configuration for our 1751 with /24 for our LAN subnet. I will provide specific details if required...

My question is: How can I get all internet traffic directed at 216.x.x.28 /28 to route directly to the VPN router? Thank you so much for your assistance!
Question by:olhelp
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 13

Accepted Solution

Dr-IP earned 840 total points
ID: 13649613
It seems like your router is using NAT (network address translation), and they configured their router to directly us one of your public IP addresses. If that is the case it’ simply not going to work. To get it to work they will need to configure their router with one of the addresses, any you configure your router to forward all packets from that public address to the private one they are using on their router.  
LVL 11

Assisted Solution

-Leo- earned 160 total points
ID: 13649634
I would suggest you to use NAT for the kiosk 831 router. By the way, how this router connects to your 1721 ?
You can change address on 831 for the one from your subnet 192.168 and perform NAT on your 1721 to give 831 its address of 216.x.x.28 ...

Author Comment

ID: 13649715
-Leo-, their 831 is connecting to our 1751 through a Cisco 2900 switch.

Dr-IP, I've heard that there are issues with combining VPN and NAT, but I don't know any specifics right off hand... any thoughts or experience with this type of configuration?
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 13

Expert Comment

ID: 13654018
There can be issues with it, but since you pool of public address instead of just a single IP address that needs to be shared with many computers it’s generally less problematic since the ports can be mapped 1 to 1, IE port 50 inside goes to port 50 outside instead of something like port 50 inside goes to port 1024 outside like frequently happens when you are a single address with multiple devices, which reeks havoc with VPNS.  

Author Comment

ID: 13676479
Thanks for the response. I will try it tomorrow and let you know what happens (and award the points as necessry). Thanks!

Author Comment

ID: 13684809
Funny how things work themselves out... As I was working with the vendor to get his VPN router changed, another issue came up with a web content filtering solution that we were implementing. It appears that the way our router was set up (especially NAT) causes all sorts of problems when other devices are introduced into the network. So we're going to redesign the network this weekend. Thanks for confirming that this current scenario had very little flexibility!

Featured Post

Want to be a Web Developer? Get Certified Today!

Enroll in the Certified Web Development Professional course package to learn HTML, Javascript, and PHP. Build a solid foundation to work toward your dream job!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It happens many times that access list (ACL) have to be applied to outgoing router interface in order to limit some traffic.This article is about how to test ACL from the router which is not very intuitive for everyone. Below scenario shows simple s…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question